E-commerce has reshaped the shopping habits of consumers. From the convenience of buying at one’s fingertips to the endless discounted deals, online stores have grown in popularity in a short time. However, the growth in e-commerce has also led to various frauds and cyberattacks. Cybercriminals are tricking shoppers with imposter websites and products or stealing their payment card details.
By Rudra Srinivas, Feature Writer, CISO MAG
Multiple security incidents were reported on online stores by Magecart hackers. Recently, hackers compromised over 2000 Magento e-commerce platforms in the largest automated Magecart campaign. In Magecart attacks, (also called web skimming or e-skimming attacks) hackers inject malicious JavaScript code on the website checkout pages to exfiltrate customers’ payment information.
So, what can you do to defend against these attacks? Here are four questions to ask yourself to find out how secure your online shopping is:
1. How secure is the website?
Cybercriminals create fake or lookalikes of legitimate e-commerce sites to collect sensitive information from users. Do thorough research to find out the authenticity of the website and its products before making any purchases.
According to a research report from Juniper Networks, e-commerce, money transfer, and banking services will lose over $200 billion to online payment fraud in the next five years. The increasing ubiquity of digital payments provides an ever-increasing attack surface for fraudsters.
Attackers often impersonate popular brands by creating a lookalike website, similar domain name, or URL of the original site. When a user clicks on these links, it redirects them to a fake website, which often contains a form intended to steal user credentials, payment details, or sensitive information. Avoid clicking on ads that lure users with unbelievable offers, as they could be malicious or intended to phish the users.
2. Is it safe to share personal information?
Be vigilant about the information you give to complete the payment process. Cancel the transaction if you feel the site is collecting additional information than required. Fill out what is necessary at the checkout page and remember not to save your payment information on the site. Make sure you delete your previously stored payment details from the account, as the data may fall into wrong hands if your account gets hacked.
3. How secure is your internet?
Securing your internet connection is essential when it comes to protecting your data/device against cyberattacks. Unsecure internet might allow threat actors to break into your network or device. Never use public Wi-Fi to shop online. Even when accessing your home network, use a VPN (Virtual Private Network) for additional security. VPNs provide a secure connection to users when they join another network online. It also changes the IP address and location, making your browsing activity safe and private from threat actors.
4. Is your password strong enough?
We cannot underrate the importance of password management while talking about online security. According to a study by Microsoft, 44 million users were reusing their usernames and passwords. The survey also exposed that the largest percentage of passwords were weak and used for a long period.
Using a passphrase rather than a password will give you maximum security for your network, however, make sure the passphrase you choose is easy-to-remember and complex at the same time. Make sure you have a strong and complex password, which is difficult to guess. Change it on a regular basis to reduce the risk of threat exposure.
Final Note
Since e-commerce gives consumers the freedom to shop on multiple devices, it has grown to be a preferred option. As shopping habits evolve, so do cybercriminals. New social engineering techniques are leveraged to deceive and mislead consumers. We need to stay mindful, avoid clicking on third-party links, or download attachments before reviewing them.
About the Author
Rudra Srinivas is a Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.
